The CKEditor / FCKeditor module for Drupal contains a flaw in its AJAX callback filter. The filter is designed to reject specific blocks of text to prevent XSS attacks. A number of flaws in the filter may allow an attacker to craft an XSS string that bypasses it.
Remote / Network Access
Loss of Integrity
Upgrade FCKeditor to version 6.x-2.3 or higher and CKEditor to version 6.x-1.9 or 7.x-1.7 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.